Kenneth,
Sorry about the delay. I have been crazy busy with work. Here is a full squid.conf file from my working web proxy.
Do not modify "/var/ipfire/proxy/squid.conf" directly since any changes
you make will be overwritten whenever you resave proxy settings using the
web interface!
Instead, modify the file "/var/ipfire/proxy/advanced/acls/include.acl" and
then restart the proxy service using the web interface. Changes made to the
"include.acl" file will propagate to the "squid.conf" file at that time.
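# Time Squid waits for in-flight client connections before it completes a shutdown.
shutdown_lifetime 5 seconds
# Port 0 disables ICP, so no inter-cache query listener is opened.
icp_port 0
# Explicit (forward-proxy) listener on the firewall's internal address.
http_port 172.x.x.1:801
# Listener for transparently intercepted traffic; it expects redirected
# connections, not browsers configured to use it as a proxy.
http_port 172.x.x.1:3129 intercept
# URL patterns (case-insensitive regexes read from the file) that must never be cached.
# The path must be wrapped in plain double quotes and contain no stray spaces,
# otherwise Squid treats the text as a literal pattern or fails to open the file.
acl no_cache_hosts url_regex -i "/var/ipfire/proxy/advanced/acls/dst_nocache_url.acl"
cache deny no_cache_hosts
# Account Squid switches to when it is started as root.
cache_effective_user squid
# Files created by Squid are not group- or world-writable.
umask 022
pid_filename /var/run/squid.pid
# Memory reserved for in-transit and hot objects (not the total process size).
cache_mem 750 MB
error_directory /usr/lib/squid/errors/en
# No cache digests are built for peer caches.
digest_generation off
# Ports on which CONNECT tunnels are permitted
# (enforced by "http_access deny CONNECT !SSL_ports" below).
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
# Destination ports the proxy will contact at all
# (enforced by "http_access deny !Safe_ports" below).
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 563 # snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
# NOTE(review): this range covers every unprivileged port; narrow it if
# clients only need specific high ports.
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 801 # Squids port (for icons)
# Ports and address used by the rules labelled "GUI admin" further down;
# presumably the IPFire web interface - confirm against your installation.
acl IPFire_http port 81
acl IPFire_https port 444
acl IPFire_ips dst 172.x.x.1
# Both ACLs read the same subnet list: once as client source addresses,
# once as destination addresses. The quoted path must not end in a space.
acl IPFire_networks src "/var/ipfire/proxy/advanced/acls/src_subnets.acl"
acl IPFire_servers dst "/var/ipfire/proxy/advanced/acls/src_subnets.acl"
acl IPFire_green_network src 172.x.x.0/24
acl IPFire_green_servers dst 172.x.x.0/24
acl CONNECT method CONNECT
# Objects larger than 4096 KB are not stored in the disk cache.
maximum_object_size 4096 KB
minimum_object_size 0 KB
# 1500 MB disk cache with 16 first-level and 256 second-level directories.
cache_dir aufs /var/log/cache 1500 16 256
# 0 means request bodies (uploads) are not size-limited.
request_body_max_size 0 KB
access_log stdio:/var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
# Second access log written in the "useragent" format.
access_log stdio:/var/log/squid/user_agent.log useragent
# Query strings are kept in the access log. They can carry session tokens or
# other secrets, so restrict who can read the log files.
strip_query_terms off
log_mime_hdrs off
# Do not disclose the client address or the proxy itself to origin servers;
# the header rules near the end of the file strip the same two headers.
forwarded_for off
via off
authenticate_ip_ttl 0
# All seven days, whole day: this ACL matches at any time.
acl within_timeframe time MTWHFAS 00:00-24:00
#Start of custom includes
#End of custom includes
#Settings for squidclamav:
# Loopback-only listener.
http_port 127.0.0.1:801
acl purge method PURGE
# Refuse requests whose destination is a loopback address, so the proxy
# cannot be used to reach services bound to localhost on the firewall.
http_access deny to_localhost
# http_access is first-match: requests from the loopback address are accepted
# here and are never checked against the Safe_ports / SSL_ports rules below.
http_access allow localhost
# Already covered by the line above for loopback clients.
http_access allow purge localhost
# PURGE from any other client is refused.
http_access deny purge
# Requests from the loopback address are not passed to the URL rewriter.
url_rewrite_access deny localhost
#Access to squid:
#local machine, no restriction
http_access allow localhost
#GUI admin if local machine connects
http_access allow IPFire_ips IPFire_networks IPFire_http
http_access allow CONNECT IPFire_ips IPFire_networks IPFire_https
#Deny not web services
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#Set custom configured ACLs
# Any client whose source address is listed in src_subnets.acl is allowed at
# any time. No authentication ACL appears in this file, so access control
# rests entirely on that subnet list.
# NOTE(review): no rule mentions the built-in "manager" ACL, so cache-manager
# requests are subject only to the rules in this section - confirm that is intended.
http_access allow IPFire_networks within_timeframe
# Everything not explicitly allowed above is refused.
http_access deny all
#Strip HTTP Header
request_header_access X-Forwarded-For deny all
reply_header_access X-Forwarded-For deny all
request_header_access Via deny all
reply_header_access Via deny all
visible_hostname ipfire.localdomain
# Administrator contact address (placeholder value).
cache_mgr pickyouremail@domain.com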
Note here: I do not have a password set for the cache manager; otherwise there would be a parameter for it.
# Upper limit on the number of file descriptors Squid may hold open.
max_filedescriptors 16384
# External helper that is handed request URLs for rewriting; requests matched
# by "url_rewrite_access deny" are not sent to it.
url_rewrite_program /usr/sbin/redirect_wrapper
# At most 3 helper processes, all 3 started at launch and kept idle;
# up to 96 requests may wait in the helper queue.
url_rewrite_children 3 startup=3 idle=3 queue-size=96
----------------------------------------------------------------------------------------------------------------------------------
From here down are notes that I extracted from the config file above.
/var/ipfire/proxy/advanced/acls/src_subnets.acl
**** You should see every zone of your firewall in here, each as x.x.x.0/24. You should have an allow entry for each zone: Blue, Green, Pink… if you use it lol
**** I just advise checking it to make sure it's there.
These entries, I believe you already had, along with your other zones.
acl IPFire_green_network src x.x.x.0/24
acl IPFire_green_servers dst x.x.x.0/24
#Access to squid:
#local machine, no restriction
http_access allow localhost
****This allows the proxy to communicate with itself.
Check your ports_safe.acl
[root@ipfire squid]# cd /var/ipfire/proxy/advanced/acls/
[root@ipfire acls]# cat ports_safe.acl
80 # http
21 # ftp
443 # https
563 # snews
70 # gopher
210 # wais
1025-65535 # unregistered ports
280 # http-mgmt
488 # gss-http
591 # filemaker
777 # multiling http
801 # Squids port (for icons)
****Make sure the above list matches, and also check your Squids port. Mine is 801, yours I think is different.